No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

How Enterprises Can Use Encryption to Protect Linux Servers and Support Compliance Efforts

The 4 Technological Features Key to Protect Against Data Breaches

by Garry McCracken
April 5, 2019
in Compliance, Featured
red combination lock on circuit board

WinMagic’s Garry McCracken discusses the encryption capabilities that are built into Linux, the gaps in protection/compliance risks, and what companies can do to address them.

When it comes to server protection, many enterprises overlook physical security risks. The common myth is that because the servers are in a data center or otherwise behind lock and key, and because the data is in perpetual use, encrypting the drives is unnecessary, as the data is never at rest. 

That’s particularly troublesome. All drives eventually leave the data center for repair or disposal, and having them encrypted is the best way to protect the data from unintentional exposure. And with the enormous number of breaches in the news and compliance regulations – GDPR, HIPAA and California’s Consumer Privacy Act and the like – the prudent advice is to encrypt everything, everywhere, all the time. 

Linux has built in encryption for several years now. So why, then, are enterprises still struggling with their encryption efforts?

To answer this question, let’s review the disk encryption capabilities that are built into Linux:

dm-crypt

dm-crypt is a transparent disk encryption subsystem within the Linux kernel. It is a block device-based abstraction that can be inserted on top of other block devices, like disks. It is, therefore, an ideal technology to be used for full disk encryption (FDE). The actual encryption is not built into dm-crypt, but rather it utilizes cryptographic routines (e.g., AES) from the kernel’s Crypto API.

LUKS

LUKS (Linux Unified Key Setup) is a disk encryption specification that details a platform-independent standard on-disk format for use in various tools (e.g., a standard encryption header), which provides the basis for implementing password management. LUKS operates on Linux and is based on an enhanced version of cryptsetup that uses dm-crypt as the disk encryption back end.

Together, dm-crypt and LUKS form the basis for a simple “stand-alone,” password-authenticated FDE application; this, however, is not an enterprise-grade solution.

The trouble is, the Linux native FDE leaves gaps in data protection, creating compliance risks. What are some of those gaps?

  • No consolidated compliance view of encrypted devices to prove all servers’ encryption states. 
  • No centralized password, key management and backup of an encrypted server. 
  • Complicated root volume encryption leaving room for mistakes. 
  • No easy way to crypto-erase a compromised drive. 

So, the answer as to why enterprises have been struggling with their encryption efforts? It’s due to a lack of management and compliance capabilities built into their Linux servers.

To help address this, organizations should look for solutions that include the following types of functionality and features:

1.     Separation of Encryption and Key Management

To be most effective, an encryption product should be separated into two components: encryption and key management. The expertise to deliver these two components is quite different. For extra protection, consider solutions that layer on top of dm-crypt rather than replacing it to better cohesively manage encryption.

2. Robust Authentication

With so much focus today on identity and access control, it is important to have an encryption solution in place that can provide more robust authentication of servers to ensure your data is safe from harm. Pre-boot network-based authentication can provide this, bolstering security before the operating system boots. 

3. Centralized Compliance View and Management of Encrypted Devices, Keys and Recovery Information

With this type of visibility, you can see if a Linux server in your organization is encrypted and compliant with your encryption policy. The server would communicate its encryption status (for all disks) to a central console. Thereby, if a server goes missing, the IT department would have proof of its encryption state for auditors.Also, overall password recovery, operations and management of an encrypted Linux server from a central console is essential. The console should also be able to provide central backup of the encryption keys and recovery information. 

4. An Easy Way to Ensure Root and Data Volume Encryption and Crypto-Erasing of a Compromised Drive

Root volume encryption, data volume encryption and encrypting swap partition are all needed for security and compliance. Look for solutions that enable this in a simple manner. Also, the solutions should have a simple mechanism to cryptographically erase all data when a drive is compromised or it is to be repurposed. This operation must also be recorded for compliance reasons.

For enterprises facing potentially crippling penalties for a compliance failure under data protection regulations, having a seamless and integrated encryption solution for servers is essential. With the types of functionality listed above, organizations will be best positioned to pass a compliance audit – and protect the confidential information they hold – should a data breach take place.


Previous Post

DOJ “Tweaks” FCPA Corporate Enforcement Policy

Next Post

Using the New NYDFS Cybersecurity Regulation to “Lock the Data Vault” for Financial Institutions

Garry McCracken

Garry McCracken

Garry McCracken is Vice President of Technology at WinMagic.  He has more than 30 years of experience in data communications and information security.  Prior to working at WinMagic, Garry was vice president at Kasten Chase, where he played a key role in assuring the company’s compliance with strict security standards.

Related Posts

sustainability

It’s Time for Private Equity to Move Beyond ESG Compliance

by Todd Rahn
June 7, 2023

Few issues shaping the private equity ecosystem promise to be as transformational as ESG. For the better part of the...

pharma

Hard Pill to Swallow: Sorting Out Conflicting Guidance for Pharma Speaker Programs

by Randy Luskey
June 7, 2023

False Claims Act litigation surrounding drugmakers’ speaker programs, often used to educate healthcare professionals about a company’s products, has many...

layoffs

How to Protect Precious IP From Layoff-Related Insider Theft

by Walter Pfeffer and Harman Deol
June 7, 2023

2023 has seen dozens of companies issue layoffs, and some predictions call for even more through the end of the...

trans rights in workplace

Building a Better Office: How Employers Can Support Gender Diversity

by Cameron Zayne
June 7, 2023

This year alone, more than a dozen states have enacted anti-LGBTQ+ legislation, many of them seeking to curtail the freedom...

Next Post
binary code in bank vault

Using the New NYDFS Cybersecurity Regulation to “Lock the Data Vault” for Financial Institutions

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment Sanctions SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT